RE: CASPOL docs for sysadmins?

2010-10-21 Thread Stu Sjouwerman
http://www.softwareshelf.com/

commercial product that does all this and a lot more. 

Warm regards,  Stu

-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com] 
Sent: Tuesday, October 19, 2010 7:53 PM
To: NT System Admin Issues
Subject: Re: CASPOL docs for sysadmins?

On 10/19/2010 6:43 PM, Ben Scott wrote:
>> On my HP printers these will give me the page count:
>> snmpget -v 1 -c public  1.3.6.1.4.1.11.2.3.9.4.2.1.1.16.1.1.1.2.0
>> snmpget -v 1 -c public  1.3.6.1.2.1.43.10.2.1.4.1.1
> 
>   FWIW: The second doesn't seem to work for any of ours (a mix of HP 
> and Lexmark).  The first works for almost all.

Odd, the second one worked correctly on a Lexmark E360dn I have here where the 
first didn't work at all (snmpget returned "No such variable name").

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




Re: CASPOL docs for sysadmins?

2010-10-19 Thread Phil Brutsche
On 10/19/2010 6:43 PM, Ben Scott wrote:
>> On my HP printers these will give me the page count:
>> snmpget -v 1 -c public  1.3.6.1.4.1.11.2.3.9.4.2.1.1.16.1.1.1.2.0
>> snmpget -v 1 -c public  1.3.6.1.2.1.43.10.2.1.4.1.1
> 
>   FWIW: The second doesn't seem to work for any of ours (a mix of HP
> and Lexmark).  The first works for almost all.

Odd, the second one worked correctly on a Lexmark E360dn I have here
where the first didn't work at all (snmpget returned "No such variable
name").

-- 

Phil Brutsche
p...@optimumdata.com



Re: CASPOL docs for sysadmins?

2010-10-19 Thread Phil Brutsche
The second one reports accurate page counts on Lexmark printers; I
believe it is a more generic SNMP element as it is something my newer HP
printers accurately reported page counts on.

On 10/19/2010 5:37 PM, Phil Brutsche wrote:
> Have you tried to see what's visible in SNMP?
> 
> On my HP printers these will give me the page count:
> snmpget -v 1 -c public  1.3.6.1.4.1.11.2.3.9.4.2.1.1.16.1.1.1.2.0
> snmpget -v 1 -c public  1.3.6.1.2.1.43.10.2.1.4.1.1
> 
> Some printers will give results for one, but not the other. Some
> printers will give accurate counts with one query, but not the other.
> 
> On 10/19/2010 5:00 PM, Ben Scott wrote:
>> On Tue, Oct 19, 2010 at 5:44 PM, Jeff Steward  wrote:
>>> http://gallery.technet.microsoft.com/ScriptCenter/en-us/2f2ea17e-3f1b-4753-bfd1-d0400819a555
>>
>>   No, we need to get the page count meters from the printers, for
>> several reasons:
>>
>> - Print queues are sometimes changed vs printers
>> - Windows' idea of pages printed isn't always reality
>> - Some of these devices are also copiers
> 


-- 

Phil Brutsche
p...@optimumdata.com
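
Added example (not part of any message in this thread): the command-line wrapper Ben asks for, built on the two snmpget queries Phil posted. It assumes net-snmp's snmpget is on PATH; the script name, parameter names and CSV columns are made up for illustration. Because the thread reports that either OID can be missing or inaccurate on a given model, it queries both and reports both instead of stopping at the first answer.

```powershell
# Get-PrinterPageCount.ps1 -- added example, not code from the thread.
# Assumes net-snmp's snmpget.exe is on PATH; names below are illustrative.
param(
    [Parameter(Mandatory = $true)][string[]]$Printer,   # hostnames or IPs
    [string]$Community = 'public'                        # as in the thread
)

# The two OIDs posted in the thread.
$Oids = [ordered]@{
    HpPrivate  = '1.3.6.1.4.1.11.2.3.9.4.2.1.1.16.1.1.1.2.0'  # under HP's enterprise subtree
    PrinterMib = '1.3.6.1.2.1.43.10.2.1.4.1.1'                # Printer-MIB prtMarkerLifeCount
}

function Get-SnmpCounter {
    param([string]$HostName, [string]$Oid, [string]$Community)
    # -Oqv prints the bare value; -t 2 -r 1 keeps a dead printer from stalling the run.
    $out = & snmpget -v 1 -c $Community -Oqv -t 2 -r 1 $HostName $Oid 2>$null
    # Accept only a plain non-negative integer. An SNMPv1 noSuchName error,
    # a timeout or a string value all come back as $null, not a bogus count.
    if ($LASTEXITCODE -eq 0 -and "$out" -match '^\s*(\d+)\s*$') {
        return [long]$Matches[1]
    }
    return $null
}

$Printer | ForEach-Object {
    $p   = $_
    $row = [ordered]@{ Printer = $p }
    foreach ($name in $Oids.Keys) {
        $row[$name] = Get-SnmpCounter -HostName $p -Oid $Oids[$name] -Community $Community
    }
    # Flag devices where both OIDs answer but disagree, so someone checks
    # the front panel once and decides which counter to believe.
    $row.Mismatch = ($null -ne $row.HpPrivate -and $null -ne $row.PrinterMib -and
                     $row.HpPrivate -ne $row.PrinterMib)
    [pscustomobject]$row
} | ConvertTo-Csv -NoTypeInformation
```

SNMPv1 sends the community string in cleartext, so a read-only community limited to the polling host is the sensible setup for a monthly job like this.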



Re: CASPOL docs for sysadmins?

2010-10-19 Thread Ben Scott
On Tue, Oct 19, 2010 at 6:37 PM, Phil Brutsche  wrote:
> Have you tried to see what's visible in SNMP?

  SNMP is one of those things that's been on my to-learn list forever,
but I never seem to get around to actually learning.  However, your
examples have given me everything I need to get started for this
particular project.

  Mucho thanks!!!

> On my HP printers these will give me the page count:
> snmpget -v 1 -c public  1.3.6.1.4.1.11.2.3.9.4.2.1.1.16.1.1.1.2.0
> snmpget -v 1 -c public  1.3.6.1.2.1.43.10.2.1.4.1.1

  FWIW: The second doesn't seem to work for any of ours (a mix of HP
and Lexmark).  The first works for almost all.

-- Ben



RE: CASPOL docs for sysadmins?

2010-10-19 Thread Brian Desmond
The network access is likely what it needs full trust for. Kind of weird that 
it runs in a browser not as a service or something.

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Tuesday, October 19, 2010 2:36 PM
To: NT System Admin Issues
Subject: Re: CASPOL docs for sysadmins?

On Tue, Oct 19, 2010 at 5:11 PM, Brian Desmond  wrote:
> So what is the actual app ...

  From the logo at <http://meters.example.com/> (name changed to protect the 
guilty), I gather it's called "FMAudit Central".  The original software 
publisher appears to be http://www.fmaudit.com/, but they don't give you much 
info.  I suspect they follow a tight channel sales model.

> ... what does it do?

  All I need and want it to do is read page counts from our various networked 
printers (presumably via SNMP) and display the results.
Bonus points for coughing up a CSV list, but even HTML will do.

  The vendor is trying to sell us on managed print services (supplies and 
maintenance, billed per page).

  For all I know, the thing can also feed the hungry, clothe the poor, and 
create world peace, but all I want to do is get page counts without having to 
log in to each printer's web UI every month.  :-)

  Or, if someone knows of another way to do this -- without buying someone 
else's print management package, or installing their bloated print management 
"server" -- I'm open to suggestions.  :)  I suppose the ideal thing would be a 
command-line tool, which, given a printer hostname, will output a page 
count.  I could wrap that in a script easily.

-- Ben




Re: CASPOL docs for sysadmins?

2010-10-19 Thread Phil Brutsche
Have you tried to see what's visible in SNMP?

On my HP printers these will give me the page count:
snmpget -v 1 -c public  1.3.6.1.4.1.11.2.3.9.4.2.1.1.16.1.1.1.2.0
snmpget -v 1 -c public  1.3.6.1.2.1.43.10.2.1.4.1.1

Some printers will give results for one, but not the other. Some
printers will give accurate counts with one query, but not the other.

On 10/19/2010 5:00 PM, Ben Scott wrote:
> On Tue, Oct 19, 2010 at 5:44 PM, Jeff Steward  wrote:
>> http://gallery.technet.microsoft.com/ScriptCenter/en-us/2f2ea17e-3f1b-4753-bfd1-d0400819a555
> 
>   No, we need to get the page count meters from the printers, for
> several reasons:
> 
> - Print queues are sometimes changed vs printers
> - Windows' idea of pages printed isn't always reality
> - Some of these devices are also copiers

-- 

Phil Brutsche
p...@optimumdata.com



Re: CASPOL docs for sysadmins?

2010-10-19 Thread Ben Scott
On Tue, Oct 19, 2010 at 5:44 PM, Jeff Steward  wrote:
> http://gallery.technet.microsoft.com/ScriptCenter/en-us/2f2ea17e-3f1b-4753-bfd1-d0400819a555

  No, we need to get the page count meters from the printers, for
several reasons:

- Print queues are sometimes changed vs printers
- Windows' idea of pages printed isn't always reality
- Some of these devices are also copiers

-- Ben



Re: CASPOL docs for sysadmins?

2010-10-19 Thread Jeff Steward
Will this do?

http://gallery.technet.microsoft.com/ScriptCenter/en-us/2f2ea17e-3f1b-4753-bfd1-d0400819a555

-Jeff
Steward

On Tue, Oct 19, 2010 at 5:35 PM, Ben Scott  wrote:

> On Tue, Oct 19, 2010 at 5:11 PM, Brian Desmond 
> wrote:
> > So what is the actual app ...
>
>  From the logo at <http://meters.example.com/> (name changed to
> protect the guilty), I gather it's called "FMAudit Central".  The
> original software publisher appears to be http://www.fmaudit.com/, but
> they don't give you much info.  I suspect they follow a tight channel
> sales model.
>
> > ... what does it do?
>
>  All I need and want it to do is read page counts from our various
> networked printers (presumably via SNMP) and display the results.
> Bonus points for coughing up a CSV list, but even HTML will do.
>
>  The vendor is trying to sell us on managed print services (supplies
> and maintenance, billed per page).
>
>  For all I know, the thing can also feed the hungry, clothe the poor,
> and create world peace, but all I want to do is get page counts
> without having to log in to each printer's web UI every month.  :-)
>
>  Or, if someone knows of another way to do this -- without buying
> someone else's print management package, or installing their bloated
> print management "server" -- I'm open to suggestions.  :)  I suppose
> the ideal thing would be a command-line tool, which, given a printer
> hostname, will output a page count.  I could wrap that in a script
> easily.
>
> -- Ben

Re: CASPOL docs for sysadmins?

2010-10-19 Thread Ben Scott
On Tue, Oct 19, 2010 at 5:11 PM, Brian Desmond  wrote:
> So what is the actual app ...

  From the logo at <http://meters.example.com/> (name changed to
protect the guilty), I gather it's called "FMAudit Central".  The
original software publisher appears to be http://www.fmaudit.com/, but
they don't give you much info.  I suspect they follow a tight channel
sales model.

> ... what does it do?

  All I need and want it to do is read page counts from our various
networked printers (presumably via SNMP) and display the results.
Bonus points for coughing up a CSV list, but even HTML will do.

  The vendor is trying to sell us on managed print services (supplies
and maintenance, billed per page).

  For all I know, the thing can also feed the hungry, clothe the poor,
and create world peace, but all I want to do is get page counts
without having to log in to each printer's web UI every month.  :-)

  Or, if someone knows of another way to do this -- without buying
someone else's print management package, or installing their bloated
print management "server" -- I'm open to suggestions.  :)  I suppose
the ideal thing would be a command-line tool, which, given a printer
hostname, will output a page count.  I could wrap that in a script
easily.

-- Ben



RE: CASPOL docs for sysadmins?

2010-10-19 Thread Brian Desmond
So what is the actual app and what does it do?

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Tuesday, October 19, 2010 2:08 PM
To: NT System Admin Issues
Subject: Re: CASPOL docs for sysadmins?

On Tue, Oct 19, 2010 at 4:50 PM, Damien Solodow  
wrote:
> Looks like it is something that says "allow this .Net assembly to run 
> from this site".

  As the estimable Mr. Desmond points out, I don't think it's that simple.

  By reading the MSFT docs, I've been able to discern that

<-q> suppresses an "Are you sure?" prompt.

<-m> modifies the local machine policy (as opposed to?).

<-ag 1.> "adds a new code group to the code group hierarchy", with <1.> as the 
parent group ID.  But it's not at all clear to me what a code group is used 
for, and what the significance of <1.> is.

< -name FMAuditWebAudit> associates a name with the group being added.

<FullTrust> means normally-present restrictions are being removed.  So then I 
of course wonder, is there a way I can be more granular or restrictive?  Do I 
have to give away the keys to the kingdom?

<-site "meters.example.com"> specifies the site the code is coming from, but it 
isn't clear to me if that's in addition to the code group specification 
(logical AND, making things more restricted), or something else.

  But I definitely don't have the big picture, and that scares me.
Look at the security nightmare ActiveX turned out to be.  I don't want to go 
down that road all over again.

-- Ben




Re: CASPOL docs for sysadmins?

2010-10-19 Thread Ben Scott
On Tue, Oct 19, 2010 at 4:50 PM, Damien Solodow
 wrote:
> Looks like it is something that says "allow this .Net assembly to run
> from this site".

  As the estimable Mr. Desmond points out, I don't think it's that simple.

  By reading the MSFT docs, I've been able to discern that

<-q> suppresses an "Are you sure?" prompt.

<-m> modifies the local machine policy (as opposed to?).

<-ag 1.> "adds a new code group to the code group hierarchy", with
<1.> as the parent group ID.  But it's not at all clear to me what a
code group is used for, and what the significance of <1.> is.

< -name FMAuditWebAudit> associates a name with the group being added.

<FullTrust> means normally-present restrictions are being removed.  So
then I of course wonder, is there a way I can be more granular or
restrictive?  Do I have to give away the keys to the kingdom?

<-site "meters.example.com"> specifies the site the code is coming
from, but it isn't clear to me if that's in addition to the code group
specification (logical AND, making things more restricted), or
something else.

  But I definitely don't have the big picture, and that scares me.
Look at the security nightmare ActiveX turned out to be.  I don't want
to go down that road all over again.

-- Ben



RE: CASPOL docs for sysadmins?

2010-10-19 Thread Brian Desmond
Well it's a bit more than that.

The .NET Framework has this concept of marking different APIs it provides based 
on the trust level they provide. FullTrust basically lets the app do anything. 
Your vendor probably has some sort of managed app hosted inside the site - the 
term for this escapes me, but, by default that's going to run with a much lower 
trust level. It probably needs to invoke some API on your machine or write to 
the file system or something which would require a higher trust level.

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132


-Original Message-
From: Damien Solodow [mailto:damien.solo...@harrison.edu] 
Sent: Tuesday, October 19, 2010 1:51 PM
To: NT System Admin Issues
Subject: RE: CASPOL docs for sysadmins?

Looks like it is something that says "allow this .Net assembly to run from this 
site". 
I'd read it as being comparable to running a Java app from a specific site. 

The important thing is that it looks like a modified caspol command line would 
let you remove the permission the command below grants. 

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.217.6851 (fax)
HARRISON COLLEGE

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, October 19, 2010 4:39 PM
To: NT System Admin Issues
Subject: CASPOL docs for sysadmins?

Hi list,

  I've got a vendor who wants me to do this:

caspol.exe  -m -q -ag 1. -site "meters.example.com" FullTrust -name FMAuditWebAudit

and then go to some web site, to run their managed print audit thingy.
 Can anyone tell me what that means, from a practical security standpoint?  If 
it means "really bad idea" (e.g., the moral equivalent of running as admin), is 
there a more reasonable alternative?

  I've done a Google, and found plenty of hits, but most of it seems to be 
written for programmers.  It talks about publishing applications, and signing 
code, etc., etc., none of which I'm involved with.  It all seems to assume I'm 
the one designing the program, so I know exactly what it needs to do, and I 
have all the details on things like what "code groups" and "strong names" have 
been assigned.

  We all know we can't trust programmers to give us security advice.
If I did everything programmers told me to do, every user account on our 
network would be a member of "Domain Admins".

  I'm willing to R a FM if someone can point me at one that's useful for this 
situation.

  advTHANKSance!

-- Ben




RE: CASPOL docs for sysadmins?

2010-10-19 Thread Damien Solodow
Looks like it is something that says "allow this .Net assembly to run
from this site". 
I'd read it as being comparable to running a Java app from a specific site. 

The important thing is that it looks like a modified caspol command line
would let you remove the permission the command below grants. 

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.217.6851 (fax)
HARRISON COLLEGE

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Tuesday, October 19, 2010 4:39 PM
To: NT System Admin Issues
Subject: CASPOL docs for sysadmins?

Hi list,

  I've got a vendor who wants me to do this:

caspol.exe  -m -q -ag 1. -site "meters.example.com" FullTrust -name FMAuditWebAudit

and then go to some web site, to run their managed print audit thingy.
 Can anyone tell me what that means, from a practical security
standpoint?  If it means "really bad idea" (e.g., the moral equivalent
of running as admin), is there a more reasonable alternative?

  I've done a Google, and found plenty of hits, but most of it seems to
be written for programmers.  It talks about publishing applications, and
signing code, etc., etc., none of which I'm involved with.  It all seems
to assume I'm the one designing the program, so I know exactly what it
needs to do, and I have all the details on things like what "code
groups" and "strong names" have been assigned.

  We all know we can't trust programmers to give us security advice.
If I did everything programmers told me to do, every user account on our
network would be a member of "Domain Admins".

  I'm willing to R a FM if someone can point me at one that's useful for
this situation.

  advTHANKSance!

-- Ben
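
Added example (not part of any message in this thread): the vendor's command from the original post, bracketed by the audit and rollback steps that Damien's reply alludes to, with comments on how each part of the command is evaluated, which is what Ben's flag-by-flag message asks. It assumes the 32-bit .NET Framework 2.0 caspol.exe path and an elevated prompt; the backup file name is made up.

```powershell
# Added example, not code from the thread. Run from an elevated prompt.
# Assumption: 32-bit .NET 2.0. 64-bit processes read a separate policy file,
# which is edited with the caspol.exe under Framework64.
$caspol = "$env:windir\Microsoft.NET\Framework\v2.0.50727\caspol.exe"
$before = "$env:TEMP\caspol-machine-before.txt"   # illustrative file name

# 1. Record the machine-level code group tree before touching it.
#    -m  = machine policy level (the others are -u user and -en enterprise)
#    -lg = list code groups
& $caspol -m -lg | Out-File $before

# 2. The vendor's command, unchanged.
#    -ag '1.'  adds a child of group 1., the root "All code" group, so the
#              only test applied to the new group is its own membership
#              condition.
#    -site     is that membership condition: the host name the assembly was
#              downloaded from. It is not a signature check.
#    FullTrust is the permission set granted to code that matches.
#    Grants from every matching group at a level are combined (union), so
#    this adds to whatever the zone groups already give that site.
& $caspol -m -q -ag '1.' -site 'meters.example.com' FullTrust -name FMAuditWebAudit

#    On the "more granular" question: the permission-set argument can be any
#    named set listed by `caspol -m -lp` (LocalIntranet, Internet, ...).
#    Whether the vendor's control works with less than FullTrust is not
#    something the thread establishes.

# 3. Show exactly what changed (expect one new "Site - ..." line).
Compare-Object (Get-Content $before) (& $caspol -m -lg)

# 4. Roll back when the audit is done: remove the group by name, then
#    confirm the tree matches the saved copy (no output means identical).
& $caspol -m -q -rg FMAuditWebAudit
Compare-Object (Get-Content $before) (& $caspol -m -lg)
```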
